Analyst(s): Fernando Montenegro
Publication Date: October 22, 2025
Veeam Software has announced a definitive agreement to acquire Securiti AI, a key Data Security Posture Management (DSPM) vendor, for $1.725 billion. The acquisition aims to unify Veeam’s data resilience offerings with Securiti AI’s platform, which spans data privacy, governance, and AI trust. The stated rationale is to provide a more unified offering for enterprises to control, secure, and ultimately unleash the value of their data for AI initiatives.
What is Covered in this Article:
- Details of Veeam’s $1.725 billion acquisition of Securiti AI.
- The strategic push to combine data resilience with data security and AI governance.
- Analysis of the acquisition’s impact on the competitive data management landscape.
- Key questions facing the future of unified data control and AI trust.
The News: Veeam is set to acquire Securiti AI for $1.725 billion, which signals a significant push into AI-centric data security. The transaction is expected to close in the fourth quarter, pending regulatory approvals. Post-acquisition, Securiti AI’s CEO, Rehan Jalil, will become Veeam’s President of Security and AI. Veeam plans to continue offering Securiti AI’s “Data Command Center” while also developing new integrated capabilities, which it says will be announced shortly. This combination aims to create a unified platform for data resilience, DSPM, privacy, and AI governance.
Veeam Makes Bigger Data Security Play with Acquisition of Securiti
Analyst Take: Veeam’s $1.725 billion check for Securiti AI is an important strategic statement. This isn’t just a feature tuck-in; it’s a company’s huge bet on a broader future. This move shouldn’t be seen as a sudden pivot, but rather as a logical step in an ongoing strategy. Veeam has been steadily building beyond its recovery roots. We saw this with the Coveware acquisition, which added ransomware negotiation and forensics, deepening its “response” capabilities. The Securiti AI deal is a key expansion to the “left” of an incident. It also pushes Veeam from being primarily involved with the “IT” side of things, with the critical but often opaque domain of data protection, to a much more prominent position with “business” stakeholders, by better understanding enterprises’ mission-critical data.
This isn’t a tuck-in: Securiti has over 1,100 employees and had last raised an undisclosed amount in early 2023. The company’s “Data Command Center” is built on a knowledge graph designed to map the complex relationships between data, identities, and policies.
This is appealing to Veeam, as it has always, and unequivocally, focused on data protection. Securiti AI gives them a powerful engine to see and control more “business” data, the live information running in production, SaaS apps, and multi-cloud environments. The vision seems to be to create a single platform that understands data from its creation, all the way through to its backup and recovery.
From a competition perspective, this acquisition opens a multi-front dynamic:
- It directly targets traditional rivals like Rubrik, which built its brand on being a “data security” company, including its past acquisition of Laminar. It also pressures Commvault and Cohesity, among others, making them look more focused on traditional backup, while Veeam builds an AI-focused data control platform.
- The deal is also relevant to other DSPM vendors, including Cyera, Varonis, and BigID, among others. Here, Veeam may be able to articulate a more comprehensive lifecycle approach that can appeal to executives looking for strategic partners.
- Lastly, it’s worth noting that many other cybersecurity companies, particularly those building platforms, are all racing to “own” the data. Palo Alto Networks acquired Dig Security to integrate DSPM into its platform. CrowdStrike includes DSPM as a capability in its Falcon Cloud Security offering, while SentinelOne does it in its Singularity platform. Notably, Microsoft (Purview), IBM (Guardium DSPM), OpenText (Voltage), and others also have DSPM capabilities.
This shows the new dynamic in the age of strategic cybersecurity and “cyber hard” problems: cybersecurity vendors move from infrastructure/endpoint security towards the data, while data management vendors like Veeam move from resilience towards data security. Veeam’s acquisition is, to us, both a defensive and offensive move to claim ownership of “data security” from the “data-out”, as a counter to cybersecurity vendors from defining the category from the “infrastructure-in”.
Veeam’s strategic move aligns with Futurum’s recent research on the topic. This research indicates that organizations are primarily split between how they implement DSPM, but with a notable preference towards aligning DSPM to Data Protection:
Figure 1: Deployment Preferences for DSPM Capabilities
Taking this transaction from announcement to market success will require flawless execution. Veeam’s business was built on a high-velocity, channel-first sales model, while Securiti AI’s offering is a complex, CISO-level enterprise sale. Training that massive channel will be a key hurdle, as will the technical integration of these two very different platforms.
If done well, this deal significantly extends Veeam’s reach beyond “backup only” and makes it a more attractive “data security and resilience” vendor. This bodes well for its commercial future and its future aspirations of joining public markets.
What to Watch:
- Will competitors like Commvault and the Cohesity/Veritas entity now be forced to acquire a DSPM vendor to keep pace? This move raises the stakes, making a “backup-only” position look increasingly vulnerable in the AI era.
- Will customers prefer Veeam’s new integrated platform, or will they stick with DSPM specialists like Cyera and Varonis? The battle between a single-vendor stack and a specialized, multi-vendor security posture will get another round.
- How quickly can Veeam unify Securiti’s real-time, primary data graph with its own backup-centric architecture? The market will be watching closely, as a bundled offering may not be enough to win over skeptical CISOs.
- How long until a major cyber vendor makes the reverse move and acquires a data resilience company? The strategic importance of both cybersecurity and AI points to a more holistic view of data protection.
Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used AI capabilities from both Google Gemini and/or Futurum’s Intelligence Platform to summarize source material and assist with general editing. After using these capabilities, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other insights from Futurum:
New Futurum Data Reveals the Fragmented Reality of DSPM Adoption
Cybersecurity is a Strategic and Budgetary Priority, Per Futurum Research
New Cyber Hard Problems Report & The Future of Cybersecurity
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
